This article details a SQL injection vulnerability identified as CVE-2025-62360, which affects the WeGIA management system version 3.5.0 and earlier. The flaw resides in the dependente_documento.php endpoint, specifically in the id_dependente parameter, whose value reaches a SQL query without adequate validation or parameterization. An authenticated user can exploit this for UNION-based SQL injection: by appending a UNION SELECT with a matching column count, the attacker makes the query return rows of their choosing alongside (or instead of) the legitimate result, potentially exposing sensitive database information.
The accompanying technical documentation includes a Bash exploit script that automates the attack: it authenticates to the application, extracts the session cookie, and delivers a payload that reads data such as the database version. Since the flaw requires a valid account, users are advised both to update their WeGIA installations to the latest version and to restrict access to the administrative interfaces.
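To make the mechanism concrete, the following is an added example, not code from WeGIA or from the advisory. It models the vulnerable pattern the article describes (an integer id_dependente parameter concatenated into a query) next to a parameterized, type-checked version, and shows the kind of UNION payload the exploit script would send to read the database version. The table name and columns, the sample rows and the use of SQLite are all assumptions chosen for a self-contained demo; WeGIA runs on MySQL, where the version function is version() rather than sqlite_version().

```python
import sqlite3

# Constructed in-memory stand-in for the application database.
# Table name, columns and rows are assumptions for illustration only,
# not WeGIA's real schema.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE dependente_documento (
            id INTEGER PRIMARY KEY,
            id_dependente INTEGER NOT NULL,
            nome_documento TEXT NOT NULL,
            caminho TEXT NOT NULL
        );
        INSERT INTO dependente_documento VALUES (1, 7, 'RG',  '/docs/7/rg.pdf');
        INSERT INTO dependente_documento VALUES (2, 7, 'CPF', '/docs/7/cpf.pdf');
        INSERT INTO dependente_documento VALUES (3, 8, 'RG',  '/docs/8/rg.pdf');
    """)
    return conn


def fetch_documents_vulnerable(conn, id_dependente):
    """Vulnerable pattern: the request parameter is interpolated into SQL."""
    sql = (
        "SELECT nome_documento, caminho FROM dependente_documento "
        f"WHERE id_dependente = {id_dependente}"
    )
    return sorted(conn.execute(sql).fetchall())


def fetch_documents_safe(conn, id_dependente):
    """Hardened pattern: reject non-integers, then bind the value as a parameter.

    Binding alone already prevents injection; the explicit int() check adds
    defence in depth and gives the caller a clean error for bad input.
    """
    try:
        id_int = int(id_dependente)
    except (TypeError, ValueError):
        raise ValueError("id_dependente must be an integer")
    sql = (
        "SELECT nome_documento, caminho FROM dependente_documento "
        "WHERE id_dependente = ?"
    )
    return sorted(conn.execute(sql, (id_int,)).fetchall())


# UNION payload of the kind used to read the database version. It matches the
# two-column shape of the original SELECT so the appended row is returned in
# the normal result set. On MySQL the attacker would call version() instead.
UNION_PAYLOAD = "0 UNION SELECT sqlite_version(), 'injected'"


def demo():
    conn = build_db()
    normal = fetch_documents_vulnerable(conn, "7")
    leaked = fetch_documents_vulnerable(conn, UNION_PAYLOAD)
    try:
        fetch_documents_safe(conn, UNION_PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return normal, leaked, blocked


if __name__ == "__main__":
    normal, leaked, blocked = demo()
    print("legitimate lookup:", normal)
    print("UNION payload via vulnerable query:", leaked)
    print("UNION payload rejected by hardened query:", blocked)
```

Running it shows the legitimate lookup returning the two rows for id_dependente 7, the vulnerable query returning a single attacker-controlled row whose first column is the database version, and the hardened query refusing the payload before any SQL is executed.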